lfshttp: don't crash on invalid cert data
Right now, if our certificate data is not a valid PEM block, we return nil in `block`, and then crash when checking to see if it's encrypted. Let's fix this by checking to see if the block is nil, and if so, returning an error.
This commit is contained in:
brian m. carlson
parent
6fa9ed32a8
commit
5b5cf56117
@ -86,6 +86,9 @@ func getClientCertForHost(c *Client, host string) (*tls.Certificate, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
block, _ := pem.Decode(key)
|
block, _ := pem.Decode(key)
|
||||||
|
if block == nil {
|
||||||
|
return nil, errors.New(tr.Tr.Get("Error decoding PEM block from %q", hostSslKey))
|
||||||
|
}
|
||||||
if x509.IsEncryptedPEMBlock(block) {
|
if x509.IsEncryptedPEMBlock(block) {
|
||||||
key, err = decryptPEMBlock(c, block, hostSslKey, key)
|
key, err = decryptPEMBlock(c, block, hostSslKey, key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
14
t/t-fetch.sh
14
t/t-fetch.sh
@ -298,6 +298,20 @@ begin_test "fetch with missing object"
|
|||||||
)
|
)
|
||||||
end_test
|
end_test
|
||||||
|
|
||||||
|
begin_test "fetch does not crash on empty key files"
|
||||||
|
(
|
||||||
|
set -e
|
||||||
|
cd clone
|
||||||
|
rm -rf .git/lfs/objects
|
||||||
|
|
||||||
|
git config --local http.sslKey /dev/null
|
||||||
|
git config --local http.sslCert /dev/null
|
||||||
|
|
||||||
|
git lfs fetch origin main 2>&1 | tee fetch.log
|
||||||
|
grep "Error decoding PEM block" fetch.log
|
||||||
|
)
|
||||||
|
end_test
|
||||||
|
|
||||||
begin_test "fetch-all"
|
begin_test "fetch-all"
|
||||||
(
|
(
|
||||||
set -e
|
set -e
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user